Chinese-Made Malware Kit Targets Chinese-Based Routers and Edge Devices
DKnife is a Chinese made malware framework that targets Chinese-based users
Stay updated with the latest information security trends, threats, and strategies emerging from China. Discover how China shapes global cybersecurity.
Search across headline titles and summaries.
Background for this topic.
China covers cybersecurity and information-security developments connected to China, including incidents, policy, privacy, advisories, research, and news affecting organizations, public services, and digital systems in the area.
For practitioners, the tag provides geographic context for developments involving China's organizations, services, partners, and users. Individual articles provide the specific technologies, threats, sectors, and operational implications relevant to each development.
DKnife is a Chinese made malware framework that targets Chinese-based users
Cybersecurity researchers have taken the wraps off a gateway-monitoring and adversary-in-the-middle (AitM) framework dubbed DKnife that's operated by China-nexus threat actors since at least 2019
Researchers at Check Point link ‘Amarath-Dragon’ attacks to prolific Chinese cyber-espionage operation
Threat actors affiliated with China have been attributed to a fresh set of cyber espionage campaigns targeting government and law enforcement agencies across Southeast Asia throughout 2025
A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025-8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies. [...]
Hacked Infrastructure Delivered Chinese Nation-State Group's Backdoor, Experts WarnThe widely used, open source text-editing software Notepad++ for Windows said attackers exploited a vulnerability to redirect some users to sites that pushed a backdoor onto their system. Security experts have tied the attack to a broader campaign perpetrated by Chinese nation-state actors.
A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++
The group targets telecoms, critical infrastructure - all the usual high-value orgs Security researchers have attributed the Notepad++ update hijacking to a Chinese government-linked espionage crew called Lotus Blossom (aka Lotus Panda, Billbug), which abused weaknesses in the update infrastructure to gain a foothold in high-value targets by delivering a newly identified backdoor dubbed Chrysalis.…
State-sponsored threat actors compromised the popular code editor's hosting provider to redirect targeted users to malicious downloads.
Linwei Ding Faces Decades in Prison for Trade Secret Theft, EspionageA federal jury in San Francisco convicted a former Google software engineer of stealing thousands of pages of confidential AI data and transferring it to Chinese technology companies. Linwei Ding is guilty of seven counts of economic espionage and seven counts of trade secret theft.
Chinese state-sponsored threat actors were likely behind the hijacking of Notepad++ update traffic last year that lasted for almost half a year, the developer states in an official announcement today. [...]
Linwei Ding, a former Google engineer, has been found guilty of stealing trade secrets for China